2fb54b9d156cd9a92ea315b53ac334d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fb54b9d156cd9a92ea315b53ac334d7_JaffaCakes118
Size

377KB
MD5

2fb54b9d156cd9a92ea315b53ac334d7
SHA1

b9f203ae12b401a5cb4f46d427a697aeb5a63966
SHA256

1d66778a3ec1fcfd843f473114b5de5fb10d5886379c9308f8f7276faf9b4972
SHA512

3c9642d1d10f35cda1aed75ee7b46b2979a1f85c28195c54fe8e9244248d9bd167dc58c93e58bff71e43e2122364fa5dee0d7c097597697de9e386e4b36873c8
SSDEEP

6144:s2wPdywXDIaWonWhTDPruasmhKQG2MEFzQjFgKkdmGgloT7Ww9zsl097VCT+Q6Hz:s2sdHDIaWo6Um4QlDCjF/l87Ww9o4nQs

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ttk.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ttk.exe
unpack002/out.upx

Files

2fb54b9d156cd9a92ea315b53ac334d7_JaffaCakes118
.rar
config.ini
ttk.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 198KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 703KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe .js windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 35B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 702KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
绿盟.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.0MB

UPX1 Size: 198KB - Virtual size: 200KB

.rsrc Size: 703KB - Virtual size: 704KB

Headers

File Characteristics

Sections

CODE Size: 443KB - Virtual size: 442KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 35B

.reloc Size: 32KB - Virtual size: 32KB

.rsrc Size: 702KB - Virtual size: 702KB

UPX0
Size: - Virtual size: 1.0MB

UPX1
Size: 198KB - Virtual size: 200KB

.rsrc
Size: 703KB - Virtual size: 704KB

CODE
Size: 443KB - Virtual size: 442KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 35B

.reloc
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 702KB - Virtual size: 702KB